CISSP Prep: 4 Steps To Achieve Your Certification

E-guideCISSP Prep:4 Steps to AchieveYour CertificationPractice for the exam and keep your skills sharp

E-guideIn this e-guideStep 1: Testp.2Step 2: Studyp.3Step 3: Practicep.9Step 4: Schedulep.10About SearchSecurityp.11In this e-guide:Thank you for downloading our CISSP certification guide.Aside from this handy PDF, you can also access critical CISSPcertification information on SearchSecurity.com.Obtaining CISSP certification is globally recognized as astandard of achievement for security professionals. Today,many large corporations and governmental agencies nowrequire the certification for a position, thus giving CISSPs ahigher earning potential and greatly expanded careeropportunities.In partnership with global information security educator andcertification leader (ISC)², SearchSecurity.com is providinginformation security professionals tools and resources to earnand maintain your CISSP certification.Page 1 of 11

E-guideIn this e-guideStep 1: Test Your KnowledgeStep 1: Testp.2Step 2: Studyp.3Step 3: Practicep.9Step 4: Schedulep.10About SearchSecurityPage 2 of 11p.11First, test your knowledge by taking the CISSP practice exam.This is a free benefit to SearchSecurity.com members. We encourage you tocome back often while you are studying for the CISSP.

E-guideIn this e-guideStep 1: Testp.2Step 2: Studyp.3Step 3: Practicep.9Step 4: Schedulep.10About SearchSecurityp.11Step 2: Study for the CISSP Test withTrainings and TextsLearn more about CISSP domainsThe CISSP exam covers 8 subject areas, which are referred to as domains.These domains are drawn from various security topics within the (ISC)²Common Body of Knowledge, a framework of best practices,methodologies, technologies, and concepts.The CISSP candidate must have at least 5 years of paid full-time experiencein 2 or more of the domains.Prepare for the 8 domains listed below with 10 free lessons fromSearchSecurity’s CISSP Essentials Security School, featuring videos,tutorials, and sample exam questions.Page 3 of 11

E-guideIn this e-guideStep 1: Testp.2Step 2: Studyp.3Step 3: Practicep.9Step 4: Schedulep.10About SearchSecurityp.11Page 4 of 11The 10 lessons in CISSP Essentials Security School are broken down intothree domain groups. The first three domains focus on securing assets andreveal the essential elements to build an organizational enterprise securityprogram, including the frameworks, technologies and methodologies toprotect every company's primary information asset: its data.Domains 4-6 focus on securing the infrastructure as they reveal the nutsand bolts of how to best apply security to everyday computer and businessoperations. Fundamental concepts explored in the sessions include how toeffectively design security architectures, implement secure networks andbuild security into applications and systems.Finally domains 7-10 cover the business of security, an area that is ignoredfar too often in some of today's "status quo" enterprises. Security is oftenthought of exclusively in terms of technology, but corporate security is muchmore. It involves everything from governance, business management andregulatory compliance, to an understanding of physical security, disasterrecovery and the law.

E-guideIn this e-guideAn Overview of the 8 CISSP DomainsStep 1: Testp.2Step 2: Studyp.3Step 3: Practicep.9Step 4: Schedulep.10About SearchSecurityp.11 Security and Risk Management (Security, Risk, Compliance, Law,Regulations, and Business Continuity) Asset Security (Protecting Security of Assets) Information and asset classificationOwnership (e.g. data owners, system owners)Protect privacyAppropriate retentionData security controlsHandling requirements (e.g. markings, labels, storage)Security Engineering (Engineering and Management of Security) Page 5 of 11Confidentiality, integrity, and availability conceptsSecurity governance principlesComplianceLegal and regulatory issuesProfessional ethicSecurity policies, standards, procedures and guidelinesEngineering processes using secure design principlesSecurity models fundamental conceptsSecurity evaluation models

E-guide In this e-guideStep 1: Testp.2Step 2: Studyp.3Step 3: Practicep.9Step 4: Schedulep.10About SearchSecurityp.11 Communication and Network Security (Designing and ProtectingNetwork Security) Secure network architecture design (e.g. IP & non-IP protocols,segmentation)Secure network componentsSecure communication channelsNetwork attacksIdentity and Access Management (Controlling Access and ManagingIdentity) Page 6 of 11Security capabilities of information systemsSecurity architectures, designs, and solution elementsvulnerabilitiesWeb-based systems vulnerabilitiesMobile systems vulnerabilitiesEmbedded devices and cyber-physical systems vulnerabilitiesCryptographySite and facility design secure principlesPhysical securityPhysical and logical assets controlIdentification and authentication of people and devicesIdentity as a service (e.g. cloud identity)Third-party identity services (e.g. on-premise)Access control attacks

E-guide In this e-guideStep 1: Testp.2Step 2: Studyp.3Step 3: Practicep.9Step 4: Schedulep.10About SearchSecurityp.11 Security Assessment and Testing (Designing, Performing, andAnalyzing Security Testing) Assessment and test strategiesSecurity process data (e.g. management and operationalcontrols)Security control testingTest outputs (e.g. automated, manual)Security architectures vulnerabilitiesSecurity Operations (Foundational Concepts, Investigations, IncidentManagement, and Disaster Recovery) Page 7 of 11Identity and access provisioning lifecycle (e.g. provisioningreview)Investigations support and requirementsLogging and monitoring activitiesProvisioning of resourcesFoundational security operations conceptsResource protection techniquesIncident managementPreventative measuresPatch and vulnerability managementChange management processesRecovery strategiesDisaster recovery processes and plans

E-guide In this e-guideStep 1: Testp.2Step 2: Studyp.3Step 3: Practicep.9Step 4: Schedulep.10About SearchSecurityp.11 Business continuity planning and exercisesPhysical securityPersonnel safety concernsSoftware Development Security (Understanding, Applying, andEnforcing Software Security) Security in the software development lifecycleDevelopment environment security controlsSoftware security effectivenessAcquired software security impactBuy the Official (ISC)² “Guide to the CISSP CBK”Find all official ISC² textbooks here.All (ISC)² members receive 50% off Official (ISC)² Textbooks as a memberbenefit.Page 8 of 11

E-guideIn this e-guideStep 3: Retake the CISSP Practice ExamStep 1: Testp.2Step 2: Studyp.3Step 3: Practicep.9Step 4: Schedulep.10About SearchSecurityp.11Page 9 of 11This practice session will offer you a preview of 20 questions pulled straightfrom previous CISSP exams to give you a sneak peak of what thecertification exam entails.Come back daily for a new batch of questions and check out our relatedstudy resources to help boost your score.As a member of SearchSecurity, you have free access to our database ofCISSP practice test questions, presented in cooperation with (ISC)².

E-guideIn this e-guideStep 4: Schedule your Exam DateStep 1: Testp.2Step 2: Studyp.3Already a CISSP?Step 3: Practicep.9SearchSecurity.com has the resources you need to earn your CPEs -including these (ISC)² approved methods:Step 4: Schedulep.10About SearchSecurityp.11You can schedule your exam with Pearson Vue (ISC)² testing partner. Attend a local, live seminar with industry experts. Go online and participate in one of our Virtual Events. Stay informed with Information Security magazine. Use our free online training coursesLearn more about SearchSecurity.com's CPE options.What is CISSP?Page 10 of 11 To learn more about CISSP certification check out their website. And for more information, please email (ISC)² Education or call 1.866.462.4777 (toll-free in North America only) or 1.703.891.6781outside the United States.

E-guideIn this e-guideAbout SearchSecurityStep 1: Testp.2Step 2: Studyp.3Step 3: Practicep.9Step 4: Schedulep.10About SearchSecurityp.11IT security pros turn to SearchSecurity.com for the information they require to keeptheir corporate data, systems and assets secure.We're the only information resource that provides immediate access to breakingindustry news, virus alerts, new hacker threats and attacks, security certificationtraining resources, security standard compliance, webcasts, white papers, podcasts,Security Schools, a selection of highly focused security newsletters and more -- all atno cost.For further reading, visit us athttp://SearchSecurity.com/Images; Fotalia 2017 TechTarget. No part of this publication may be transmitted or reproduced in any form or by any meanswithout written permission from the publisher.Page 11 of 11

Step 3: Practice p.9 Step 4: Schedule p.10 About SearchSecurity p.11 E-guide Step 2: Study for the CISSP Test with Trainings and Texts Learn more about CISSP domains The CISSP exam covers 8 subject areas, which are referred to as domains.